From d5c70a2b11b54b67c29e10f3f5caf8885a2b0e08 Mon Sep 17 00:00:00 2001
From: Girish Ramakrishnan <girish@cloudron.io>
Date: Fri, 13 Dec 2019 11:32:36 -0800
Subject: [PATCH] Add sshd port warning

---
 baseimage/initializeBaseUbuntuImage.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/baseimage/initializeBaseUbuntuImage.sh b/baseimage/initializeBaseUbuntuImage.sh
index 793d73c76..bf0d30848 100755
--- a/baseimage/initializeBaseUbuntuImage.sh
+++ b/baseimage/initializeBaseUbuntuImage.sh
@@ -123,6 +123,9 @@ timedatectl set-ntp 1
 # mysql follows the system timezone
 timedatectl set-timezone UTC
 
+echo "==> Adding sshd configuration warning"
+sed -e '/Port 22/ i # NOTE: Cloudron only supports moving SSH to port 202. See https://cloudron.io/documentation/security/#securing-ssh-access' -i /etc/ssh/sshd_config
+
 # Disable bind for good measure (on online.net, kimsufi servers these are pre-installed and conflicts with unbound)
 systemctl stop bind9 || true
 systemctl disable bind9 || true